This is the time of year when information security professionals like to make prognostications about future trends in the industry. The soothsayers who pen these prophecies rarely provide any information that could be considered earth-shattering or even mildly prescient. I am not gifted with the ability to see into the future, and even if I were, it is likely I would suffer the same fate as Cassandra and no one would believe me. Thus, I will not attempt to make any predictions about the future. I will, however, make a statement of fact about the future. And since this is a truism, it is not a prediction:

Those who use computing resources for nefarious purposes, including phishers, spammers, virus writers, crackers, organized crime units and any other group or individual who sees an opportunity to make money by obtaining information illegally or using computing resources without authorization, will continue to stay 2 or 3 steps ahead of those attempting to secure systems against such people.

I have been involved with information security for over 10 years and I can honestly say that the state of information security has never been worse. There are more threats now than at any time in the past. There are more vulnerabilities now than at any time in the past. And the job of the information security professional is more demanding and complex than ever.

To some extent, this is to be expected. Information systems are pervasive in every aspect of our lives. And moreover, these systems are all interconnected. Our appliances can communicate with their manufacturers. Our phones have morphed into miniature computers with all the power and vulnerabilities common in desktop PCs. Our cars have computers that are capable of determining faults and sending this information to dealers who can resolve the issue. And our national infrastructure, such as electrical grids, dams, nuclear power stations and stop lights, are all controlled by computers and often are connected to the Internet.

Information systems are more complex than ever. The bad guys have ever more opportunities to attack those systems and make money from using them illegally. The threats are real and protecting against them is difficult. Unfortunately, I don’t see anything that will change this scenario in 2009. Happy New Year.